From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050909 Red Hat/1.0.6-1.4.2 Firefox/1.0.6 Description of problem: The following happens on a Thinkpad T41p with Pentium-M CPU when the USB storage device is removed. The device is not mounted or in use in any other way at the time. This is repeatable and did not happen in kernel 2.6.12-1.1519_FC5. The same problem occurs on a Compaq Desktop machine with 1.5GHz P4 CPU. I have reproduced the problem with two memory sticks of different brand and size. usb 1-4: USB disconnect, address 2 Unable to handle kernel paging request at virtual address 6b6b6bb3 printing eip: f0a97804 *pde = 00000000 Oops: 0002 [#1] Modules linked in: sd_mod video ibm_acpi button battery ac usb_storage scsi_mod uhci_hcd ehci_hcd radeonfb i2c_algo_bit parport_pc parport shpchp hw_random tpm_infineon tpm i2c_i801 i2c_core snd_intel8x0m snd_intel8x0 snd_ac97_codec snd_ac97_bus snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd soundcore snd_page_alloc e1000 floppy dm_crypt aes_i586 dm_snapshot dm_zero dm_mirror ext3 jbd dm_mod CPU: 0 EIP: 0060:[<f0a97804>] Not tainted VLI EFLAGS: 00010286 (2.6.13-1.1555_FC5) EIP is at scsi_remove_device+0x2c/0x38 [scsi_mod] eax: 00000001 ebx: ebdf5738 ecx: 00000000 edx: 6b6b6b6b esi: eade82ac edi: eade82ac ebp: edb73cc4 esp: efeb0e84 ds: 007b es: 007b ss: 0068 Process khubd (pid: 106, threadinfo=efeb0000 task=eff3b030) Stack: ebdf5738 ebdf532c f0a9788f edb73cc4 eade82b0 eade82ac eade82b4 f0a96a09 eade82ac f0a3eac0 f0a3eae0 ed45d26c f0a8f3a2 eade8594 f0a3eac0 f0a2f83b ee68113c c02868b5 ee6811f8 ee681150 c023e13a ee681150 ed45d2e0 00000000 Call Trace: [<f0a9788f>] __scsi_remove_target+0x7f/0xb6 [scsi_mod] [<f0a96a09>] scsi_forget_host+0x37/0x5c [scsi_mod] [<f0a8f3a2>] scsi_remove_host+0x3d/0x7a [scsi_mod] [<f0a2f83b>] storage_disconnect+0xe/0x16 [usb_storage] [<c02868b5>] usb_unbind_interface+0x34/0x60 [<c023e13a>] __device_release_driver+0x4c/0x64 [<c023e17c>] device_release_driver+0x2a/0x38 [<c023dad4>] bus_remove_device+0x4f/0x5d [<c023ce13>] device_del+0x2b/0x5b [<c028d9da>] usb_disable_device+0xbb/0x108 [<c0288bc8>] usb_disconnect+0xaa/0x14c [<c0289a4a>] hub_port_connect_change+0x51/0x393 [<c028a003>] hub_events+0x277/0x3bc [<c028a148>] hub_thread+0x0/0xe5 [<c028a15c>] hub_thread+0x14/0xe5 [<c012dd26>] autoremove_wake_function+0x0/0x37 [<c012d90b>] kthread+0x87/0x8b [<c012d884>] kthread+0x0/0x8b [<c01012fd>] kernel_thread_helper+0x5/0xb Code: 53 89 c3 8b 30 ba 66 00 00 00 b8 05 cc a9 f0 e8 e5 0f 68 cf e8 0c 41 88 cf ff 4e 48 0f 88 a4 03 00 00 89 d8 e8 73 ff ff ff 8b 13 <ff> 42 48 0f 8e 9f 03 00 00 5b 5e c3 55 57 56 53 89 c5 8b 98 b8 Version-Release number of selected component (if applicable): kernel 2.6.13-1.1555_FC5 How reproducible: Always Steps to Reproduce: Plug in USB device, wait 30 seconds for it to finish scanning for partitions etc, then unplug it and get an Oops. Additional info:
This is a known problem which 1.1455 imported from upstream. The fix appears known, and I saw James accepting all 3 patches. So, I wasn't going to do anything special about it. It will be gone in -rc2, most likely. See this (has all three patches attached): http://bugzilla.kernel.org/show_bug.cgi?id=5265
I meant 1.1555 above. Anyway, use a previous kernel for now. 1.1542 seems ok.
This problem still exists in 2.6.13-1.1558_FC5. I just got a segfault on an x86_64 UP kernel. One other item, before the segfault, I got this: Sep 19 18:18:54 localhost udevd[643]: get_netlink_msg: no ACTION in payload found, skip event 'umount' Sep 19 18:18:57 localhost kernel: usb 3-1: USB disconnect, address 2 Sep 19 18:18:57 localhost kernel: general protection fault: 0000 [1] SMP Sep 19 18:18:57 localhost kernel: CPU 0 Sep 19 18:18:57 localhost kernel: Pid: 97, comm: khubd Not tainted 2.6.13-1.1558_FC5 #1 Sep 19 18:18:57 localhost kernel: RIP: 0010:[<ffffffff882df808>] <ffffffff882df808>{:scsi_mod:scsi_remove_device+75} Sep 19 18:18:57 localhost kernel: RSP: 0000:ffff8100379edc98 EFLAGS: 00010292 Sep 19 18:18:57 localhost kernel: RAX: 6b6b6b6b6b6b6b6b RBX: ffff8100328e4a60 RCX: 0000000000000001 Sep 19 18:18:57 localhost kernel: RDX: ffff8100328e4a58 RSI: ffffffff8020185f RDI: 6b6b6b6b6b6b6beb Sep 19 18:18:57 localhost kernel: RBP: ffff81003381c178 R08: 0000000000000000 R09: ffff8100328e4a60 Sep 19 18:18:57 localhost kernel: R10: 00000000ffffffff R11: ffffffff882dfe6c R12: ffff81003381c208 Sep 19 18:18:57 localhost kernel: R13: ffff81003381c188 R14: ffff81003698eb08 R15: 0000000000000100 Sep 19 18:18:57 localhost kernel: FS: 00002aaaab015f70(0000) GS:ffffffff80554800(0000) knlGS:0000000000000000 Sep 19 18:18:57 localhost kernel: CS: 0010 DS: 0018 ES: 0018 CR0: 000000008005003b Sep 19 18:18:57 localhost kernel: CR2: 00007fffffa32e30 CR3: 00000000322ed000 CR4: 00000000000006e0 Sep 19 18:18:57 localhost kernel: Process khubd (pid: 97, threadinfo ffff8100379ec000, task ffff810037e15140) Sep 19 18:18:57 localhost kernel: Stack: ffff8100328e4a60 ffff81003381c188 ffff810032f00f60 ffffffff882dfaf5 Sep 19 18:18:57 localhost fstab-sync[2132]: removed mount point /media/flash for /dev/sda1 There's more if you want it.
should be fixed in latest builds.
*** Bug 169379 has been marked as a duplicate of this bug. ***
Ralf says 1.1578 still has it (on ppc at least).
1.1582 seems to behave itself.